About Content Storage and Data Protection

Have you ever asked yourself where your Scrivito CMS content is stored, how it is secured, how fast and reliably it is served, and how Scrivito protects your data? Read on.

Which data is stored where?

All the content stored in a Scrivito CMS is handled by Amazon Web Services (AWS), meaning that it is transferred to, stored on, and retrieved from Amazon servers. Two distinct kinds of content exist, which are treated and stored differently, textual, and non-textual (binary) content.

Textual and binary CMS content

Textual content comprises everything represented as characters, first and foremost CMS object and widget instances (e.g. pages and their attributes), but, of course, also HTML markup, CSS, numbers, metadata and so on. Such content is stored using Amazon S3 (Simple Storage Service). Some structural data is stored in a highly scalable AWS database.

Content, which isn’t textual, is binary: images, videos, PDF files, apps and packages, but also office files like spreadsheets. Binary content is also stored using Amazon S3 but is additionally distributed worldwide through Amazon CloudFront (see below for details).

Note that the metadata of binary content (e.g. the EXIF and IPTC data of images) counts as textual content, too, and is hence stored separately from the distributed binaries themselves.

Data security and availability

To ensure that your content never gets lost due to a system failure, and that it's served reliably and fast, we store your data in Amazon’s EU (Ireland) region with its three Availability Zones. Amazon manages backups, software patching, automatic failure detection, and recovery for us – and thus for you. We use load balancers to mitigate traffic peaks, keeping your site up even during rush hours. All production servers are secured by a firewall, and all our services are isolated by VPCs (virtual private clouds).

As mentioned above, your binary content is stored separately from the textual content. Since binaries can become quite large, transferring them puts much more load on the network than with, for example, HTML files. Also, transferring binaries over long distances may significantly slow down their delivery. For these reasons, we use Amazon CloudFront, a CDN (content delivery network) that makes your binary content regionally available to visitors all around the world.

Note that all your pending, not-yet-published binaries (in your working copies) are for your eyes only and not publicly accessible.

Further reading

What about the application code?

Your Scrivito-based application needs to be hosted somewhere for people to be able to visit your website. You can have your app code hosted wherever you wish. We partner with Netlify for their easy-to-use full-service hosting, automatic deployment, fast delivery through their CDN and many more reasons for giving them a try.

Where does form data go?

When implementing a form in your Scrivito-based app (be it as a widget or directly in the page layout), you are free to decide how the submitted form data should be processed and where it should be persisted. You could use an Amazon Lambda function or any suitable remote service for this.

Netlify offers form handling, too, but forms currently need to be coded as plain HTML, meaning that you cannot have them rendered using Scrivito’s React-based components unless you additionally provide the HTML version. Note that form data handled by Netlify is stored in the US.

Data protection

Scrivito is developed by Infopark AG. As a company based in Germany, Infopark AG is governed by German data protection laws (currently § 9 sentence 1 of the German Federal Data Protection Act).

On May 25, 2018, the General Data Protection Regulation (GDPR) was enforced, according to which all personal data of EU citizens must be hosted in the EU. See https://gdpr-info.eu/ for details, or visit the homepage of EU GDPR.

The measures Infopark takes to ensure conformity with the applicable laws are detailed in the documents available on our Terms of Service page.

Order data processing

Infopark AG potentially stores and processes personal data on behalf of their customers, using third-party service providers such as Amazon Web Services (AWS). Order data processing contracts between Infopark AG and these third parties bind them to the current data protection regulations.

We encourage every customer using our services in connection with storing or processing personal data to sign an order data processing contract with us. Please contact our customer support for further information.

Data protection officer

Infopark AG has commissioned all legal data protection matters to a professional agency, coseco GmbH (info@coseco.de). Feel free to get in touch if questions arise.